Mist: Towards Improved Adversarial Examples for Diffusion Models
About
Diffusion Models (DMs) have empowered great success in artificial-intelligence-generated content, especially in artwork creation, yet raising new concerns in intellectual properties and copyright. For example, infringers can make profits by imitating non-authorized human-created paintings with DMs. Recent researches suggest that various adversarial examples for diffusion models can be effective tools against these copyright infringements. However, current adversarial examples show weakness in transferability over different painting-imitating methods and robustness under straightforward adversarial defense, for example, noise purification. We surprisingly find that the transferability of adversarial examples can be significantly enhanced by exploiting a fused and modified adversarial loss term under consistent parameters. In this work, we comprehensively evaluate the cross-method transferability of adversarial examples. The experimental observation shows that our method generates more transferable adversarial examples with even stronger robustness against the simple adversarial defense.
Related benchmarks
| Task | Dataset | Result | Rank | |
|---|---|---|---|---|
| Talking Head Generation | HDTF (test) | FID256.2 | 49 | |
| Portrait Privacy Protection | SyncTalk-generated videos (test) | PSNR28.54 | 45 | |
| Face Swapping Protection | CelebA-HQ | L2 Distance0.0139 | 28 | |
| Face Swapping Protection | VGGFace2 HQ | L2 Distance0.0261 | 28 | |
| Image Quality Evaluation | CelebA-HQ | PSNR29.8417 | 25 | |
| Image-to-Video Generation | CelebV-Text | ISM56.1 | 21 | |
| Image-to-Video Generation | UCF101 | ISM35.5 | 21 | |
| Image Immunization | StableDiffusion 1.4 (test) | PSNR16.4 | 20 | |
| Image Immunization | HQ-Edit (Unseen Prompts) | PSNR (dB)9.33 | 16 | |
| Immunization against image editing | SD14 to SD3 Cross-model transfer | PSNR21.98 | 16 |